Citizenship Insight Privacy Policy

Our contact details as a data controller

1. Personal data of visitors and/or clients of Citizenship Insight is processed by Legal Services EOOD, a data controller in the European Union, whose details are set out below. If you have questions about data protection, or if you have any requests for resolving issues with your personal data, we encourage you to primarily contact us via email as below.

Legal Services EOOD, a company incorporated in Bulgaria under registered number 202331677.
Address: Office 3A, Floor 3, 19B Patriarch Evtimiy Blvd, Sofia, Bulgaria

Content of policy

1. This Privacy Policy describes:

1. What personal information do we collect
2. How do we obtain your personal information
3. How do we use it
4. On what grounds do we use it
5. How long do we keep it
6. With whom do we share it
7. How do we protect it
8. To which countries may we transfer it
9. Your rights regarding your personal information
10. The methods we use to assure data security
11. Who are the Data Controllers in relation to your personal information

What personal information might we collect?

3. We may collect personal information from you in the course of our business, including through your use of our website, when you contact us, request information, engage our services or as a result of your engaging with one or more of our staff.

4. The personal information that we process may include:

• • basic information, eg your name (including adfixes/titles), the company you work for or do business through, your job title(s) or position(s) and your relationship to other persons
  • contact information, eg your postal and email addresses and phone numbers
  • financial information, such as payment-related information
  • technical information, such as information from your visits to our website or applications or in relation to materials and communications we send to you
  • information you provide to us to attend meetings and events, including access and dietary requirements
  • identification and background information you provide or we collect as part of our business acceptance processes
  • personal information provided to us by or on behalf of you or generated by us in the course or providing services, which may include special categories of data
  • any other information relating to you which you may provide to us.

How do we obtain your personal information?

5. We may obtain your information in a number of ways:

• • as part of our business acceptance processes and in the course of providing services;
  • while monitoring our technology and services, including websites and email
  • as above, when you provide it to us, or interact with us directly
  • from other sources, such as keeping the contact details we already hold for you accurate and up to date by using public sources.

How do we use your personal information?

6. We may use information we hold:

• • to provide and improve this website and our other services, including auditing and monitoring their use
  • to provide and improve our services to you and to our (other) clients, including handling the personal information of others on behalf of our clients
  • to provide information requested by you
  • to promote our services, including sending legal updates, publications and details of events
  • to manage and administer our relationship with you and our (other) clients
  • to fulfil our legal, regulatory and risk management obligations, including establishing, exercising or defending legal claims, and
  • for the purposes of recruitment.

On what basis do we use your personal information?

7. On one or more of the following grounds:

• • to form and perform contracts, such as to provide our services
  • to establish, exercise or defend legal claims or proceedings
  • to comply with legal and regulatory obligations
  • for legitimate business purposes

How long do we keep your personal information?

8. We retain your data within the limits (but not necessarily up to the time limits) of what the law permits us to and according to the EU GDPR Principles for data protection . Retention periods are based on the purpose for which the information is collected and used, taking into account legal and regulatory requirements for minimum retention, limitation periods for claims, good practice and our business purposes. Please note that if you ask us to remove your personal data, we may in some cases even so retain your data as necessary to comply with our legal obligations.

With whom do we share your personal information?

9. We are an international firm and information you provide to us may be shared with certain trusted third parties in accordance with contractual arrangements in place with them, including:
10. • our professional advisers, accountants and auditors
    • suppliers to whom we outsource certain services such as word processing, translation, photocopying and document review
    • IT service providers to us
    • third parties engaged in the course of the services we provide to clients and with their prior consent, such as foreign lawyers, other lawyers in Bulgaria, advocates, barristers, local counsel and technology service providers like data room and case management services
    • third parties involved in hosting or organising events or seminars and others

10. Where necessary, or for the reasons set out in this Privacy Policy, personal information may also be shared with regulatory authorities, courts, tribunals, government agencies and law enforcement agencies. While it is unlikely, we may be required to disclose your information to comply with legal or regulatory requirements. We will use reasonable endeavours to notify you before we do this, unless we are legally prohibited from doing so.

11. If in the future we re-organise or transfer all or part of our business, we may need to transfer your information to new entities or to third parties through which our business will be carried out.

12. We may use services such as LinkedIn, Google, Twitter, Facebook, Medium, Quora, Vkontakte, Yandex and others. If you use these services, you should review their privacy policies for more information on how they deal with your personal information including how this may interact with our use of these social media sites. 

Some of their policies are available at these URLs:

LinkedIn: www.linkedin.com/legal/privacy-policy
Google: www.policies.google.com/privacy
Twitter: www.twitter.com/privacy
Facebook: https://www.facebook.com/policy.php
Quora: https://www.quora.com/about/privacy
Vkontakte: https://vk.com/privacy
Yandex: https://yandex.com/legal/confidential/

13. We do not and will not sell, rent or otherwise make personal information commercially available to any third party, except with your prior permission.

How do we protect your personal information?

14. We use a variety of technical and organisational measures to protect your personal information from unauthorised access, use, disclosure, alteration or destruction, consistent with applicable data protection laws.

To which countries may we transfer your personal information?

15. To provide our services we may need to transfer your personal information outside the jurisdiction in which you provide it or where you are viewing our website; we will do so for the purposes set out here. This may involve a transfer of your information across the EEA’s borders. 

16. The level of information protection outside the EEA may be lesser than that offered within the EEA. If so, we will take steps to ensure that your information remains protected and secure as required by applicable data protection law. EU Standard Contractual Clauses are in place between all of our affiliates and associates that share and process personal data. Where our third party service providers process personal data outside the EEA in the course of providing services to us, we will do likewise.

Your rights regarding your personal information

The European Union’s GDPR and other applicable data protection laws provide certain rights for data subjects.You are entitled to request details of the information we hold about you and how we process it. You may also have a right in accordance with applicable data protection law to have the information rectified or deleted, to restrict our processing of that information, to stop unauthorised transfers of your personal information to a third party and, in some circumstances, to have personal information relating to you transferred to another organisation. You may also have the right to lodge a complaint in relation to the processing of your personal information with a local supervisory authority.

17. If you object to the processing of your personal information, or if you have provided your consent to processing and you later choose to withdraw it, we will respect that choice in accordance with our legal obligations.

18. Your objection (or withdrawal of any previously given consent) could mean that we are unable to perform the actions necessary to achieve the purposes set out above or that you may not be able to make use of the services and products offered by us. Please note that even after you have chosen to withdraw your consent we may need or be able to continue to process your personal information to the extent required or otherwise permitted by law, in particular in connection with exercising and defending our legal rights or meeting our legal and regulatory obligations.

19. We must ensure that your personal information is accurate and up to date. Therefore, please advise us of any changes to your information by email to

Data security and data breach

20. We respect and are committed to safeguarding your privacy and have undertaken and put in place physical, electronic and managerial measures to deliver on our commitments. Additionally, we try to work with such parties, which adhere to the highest levels of privacy and security practices. Our website is reviewed for security gaps and known vulnerabilities in order to make your experience as safe as possible.

21. Your sensitive information is contained behind secured networks and is only accessible by a limited number of persons and third parties who have special access rights to such systems and are required to follow policies stipulated herein.

22. However, you should know that electronic transmission and data storage are imperfect by nature and we cannot unfortunately guarantee absolutely that your personal information will be safe.

November 2020